Mark

End of an era ❤️

We all agree 😂 Unfortunately your mockup is pretty much exactly one of their "no, you can't do that" examples

https://developers.google.com/identity/branding-guidelines

Rather than make the change every new version, you might want to take a look at writing a plugin. This guide has a complete walkthrough but you can skip everything except steps 1, 6 and 8, because all you'll need is a code hook on that class with something like:

public function __construct( $url, $timeout=5, $httpVersion=NULL, $followRedirects=TRUE, $allowedProtocols=NULL )
{
	parent::__construct( $url, $timeout, $httpVersion, $followRedirects, $allowedProtocols );
	
	curl_setopt_array( $this->curl, [		
		CURLOPT_PROXY			=> "10.0.0.33",
		CURLOPT_PROXYPORT		=> "1080",
		CURLOPT_PROXYTYPE		=> CURLPROXY_SOCKS5,
		CURLOPT_PROXYUSERPWD	=> "forum:password"
	] );
}

It's no longer supported. Do a separate count query:

{{$total = \IPS\Db::i()->select( 'COUNT(*)', 'cms_custom_database_8', array( 'field_140=?', $record->primary_id_field ) )->first();}}

On 11/28/2020 at 6:44 AM, Mike I said:

What Stripe settings

AdminCP > Commerce > Payments > Settings > Payment Methods > Stripe. Sounds like the webhook isn't set up correctly.

Invision Community should automatically capture the transaction once it has verified the transaction passes any anti-fraud rules you've set up (or void it if it doesn't).

Check that you've got all the Stripe settings correct and then if you submit a support ticket we can take a look. To do this, go to the Support section of the AdminCP and choose "Something isn't working correctly" and then follow the instructions through until you get to the page to submit a support ticket.

Thanks for letting us know - we'll get that fixed 👍

1 minute ago, Midnight Modding said:

I think confirmedDelete() does too, right? I added in the csrf check a lot of places last year, only to then go through IPB files and figure out it is actually already done most places I change a state in.

Correct

48 minutes ago, onlyME said:

I got -200 error when uploading file if using \IPS\Session::i()->csrfCheck()

public function foo()
{
  \IPS\Session::i()->csrfCheck();
  $form = new \IPS\Helpers\Form;
  $form->add( new \IPS\Helpers\Form\Upload(....) );
  ....
}

 

The form helper already provides CSRF-protection if every change of state is contained within the if ( $values = $form->values() ) { ... }

Specifically, in order to prevent you from locking yourself out of the AdminCP, you can't demote yourself from being an admin. You can move yourself into a different admin group if you have any (they must have the same level of restrictions - not greater or lesser than you have), and admins that have permission to demote other admins can do so, but you can't edit your own account in a way that would affect your admin restrictions.

My understanding is that you cannot generate a client ID without a paid developer account and an iOS app in the App Store, and it would have to be unique to each site (i.e. our upcoming app which is used for every community won't be able to be used).

4 hours ago, Meddysong said:

Ah, it's not just us then. Thank you for taking the time to drop me a line.

Yes, that would work. (Except for the scenario where people want to buy multiples of them, I suppose. 10 copies would still weigh under the 2kg cut-off for Small Parcel ordinarily.)

EasyPost looks dauntingly impressive, but I'm afraid I wouldn't have the faintest clue where to start. Setting the weight to 1kg seems to be the way we'll have to go.

It's very easy! Just create an account with them and then go to AdminCP > Community Enhancements > EasyPost and pop your API key in.

There's no particular reason you have to give Commerce the correct weight. For example, for any items which exceed the "large letter" dimensions, just tell Commerce that it weighs 1kg, even if it weighs less.

Alternatively, you can use EasyPost.

Hm... looks right here:

Are you sure you don't have a customisation that could be causing it? If you submit a ticket we can take a look.

Which of the devices you listed was your answer to question #4?

@Gauravk Out of interest, can you tell me:

1. Are you in the UAE or a different country?
2. What country is selected by default for you?
3. What language is your computer/browser set to? 
4. What does this tool say for "Your browser's Accept-Language header:"?
5. Which OS and browser are you using?

I am trying to improve the auto detection and understanding more details about anyone it's incorrect for will be very useful.

And you definitely want to prevent sending out hidden posts, posts in any forums normal users can't see, etc.

If you're using PHP, you can use the \IPS\forums\Topic\Post::getItemsWithPermission() function. Alternatively, use the REST API setting "hidden" to 0 and "forums" to the ones you want to include.

10 hours ago, SJ77 said:

So to be clear, even with this:

define( 'NEXUS_TEST_GATEWAYS', true );

, Stripe will still work and process a real purchase?

Yes. To put Stripe into test mode you need to use the test mode API keys from your Stripe account.

Just to note on the test gateways one: some providers (off the top of my head, I think Stripe is the only one) don't use that constant but give you different keys for test/live environments.

Those two (emails and gateways) are the big ones, but there are probably quite a few others. For example, every now and again we get people who have managed to block themselves in our Spam Defense service by registering several accounts on a test site. Really you should avoid using any live data (like real people's emails) and disable all integrations with external sites/services on a test install.

In order for a website to use Sign In With Apple, that website needs to be associated with an (individual) iOS app.

It looks like (though I am still waiting for more details to emerge) that it can be done on standalone websites but you'd need to sign up for Apple's Developer Program, which costs $99/year. We can't create one thing and use it for all sites because each domain and email address you will send emails from to cloaked addresses has to be registered, and there's a limit of 10.

To clarify since @Joel R mentioned me specifically... 😂

We will be sticking with CKEditor 4 for a little while. While we will presumably move to CKEditor 5 some time in the future, it is currently still very new and maturing (when Joel asked me, it was before 5.11.2.0 was released which is when they re-added paste from word). But most importantly, to move would require a lot of development time (to upgrade our custom plugins) for what will be, to the end-user, very little change. And since CKEditor plans to continue releasing updates to version 4 for the foreseeable future we're not missing out on bug fixes or security patches.

Obviously if you're experiencing issues, please submit a support ticket and we can look into that - if you're not seeing the same problems on CKEditor's demo, the problem is likely our end and so it's probable that moving to CKEditor 5 wouldn't resolve it.

3 hours ago, AlexWright said:

Continuing thoughts on this, architecture a little bit.

With the ever increasing threat of compromise (dont tell me that it won't/can't/isn't likely), perhaps it's time for a different method of password management? The md5/sha1 types are outdated, and I'm fairly certain that's what Invision still uses? Would be better to use Argon2id and XChaCha20-Poly1305, or something similar, if this hasn't already been dealt with.

We haven't used salted md5s since v4 😉 We use bcrypt.

\IPS\DateTime::ts( $comment->mapped('date') )

{datetime="whatever" dateonly="true"}